Tuesday, August 07, 2007

11g Security New Feature... A short one...

Two new security-related features to blog about this week. First, Oracle Database 11g comes with a new view called DBA_USERS_WITH_DEFPWD. What is it for, you ask? This view shows you the user accounts that are assigned default passwords, like scott/tiger. You can then change those passwords and be more secure. The view has one column, USERNAME.

Also, passwords in Oracle Database 11g will be case sensitive now! When you upgrade, your old passwords will not be case sensitive, but the first time you change the password of an account after an upgrade it will become case sensitive. New accounts will be case sensitive out of the box. The parameter sec_case_sensitive_logon will be provided to disable/enable this feature.
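The audit the two paragraphs above point to, written out as an added example (not code from the original post). DBA_USERS_WITH_DEFPWD, its USERNAME column and sec_case_sensitive_logon are from the post; the DBA_USERS columns ACCOUNT_STATUS and PASSWORD_VERSIONS and the V$PARAMETER lookup are assumptions based on the released 11g data dictionary, and the new password is a constructed placeholder.

```sql
-- Added example, not from the original post.
-- Run as a user who can read the DBA_ views and V$PARAMETER.

-- 1. Accounts that still have a default password, open accounts first.
--    DBA_USERS_WITH_DEFPWD has the single column USERNAME (per the post);
--    ACCOUNT_STATUS and PASSWORD_VERSIONS come from DBA_USERS (assumption).
SELECT d.username,
       u.account_status,
       u.password_versions
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY CASE WHEN u.account_status = 'OPEN' THEN 0 ELSE 1 END,
          d.username;

-- 2. Accounts carried over by an upgrade whose password has not been
--    changed since: they hold only the older verifier, so their
--    passwords are still case-insensitive.
SELECT username,
       account_status
FROM   dba_users
WHERE  password_versions NOT LIKE '%11G%'
ORDER  BY username;

-- 3. Remediate one account found above. Changing the password clears
--    the default and makes the account case sensitive.
--    The password shown is a constructed placeholder; use your own.
ALTER USER scott IDENTIFIED BY "Replace_Me_With_A_Real_Secret_1";

-- 4. Confirm that case-sensitive logon has not been switched off.
SELECT name, value
FROM   v$parameter
WHERE  name = 'sec_case_sensitive_logon';

-- Re-enable it if the query above returns FALSE.
ALTER SYSTEM SET sec_case_sensitive_logon = TRUE;
```

After step 3, the account should drop out of both result sets when queries 1 and 2 are rerun.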

One other note. All the features I'm discussing in this Blog at this point are from Beta code. They can change between now and the time production code comes out, so be aware.

More on this and many other Oracle Database 11g topics in my new book from Oracle Press, Oracle Database 11g New Features. Check it out!

[Post edited for spelling error]

4 comments:

Gary Myers said...

"sec_case_sensitivie_logon"
spelling mistake?

How does this affect database clients? As I understand it, the client doesn't simply send the entered password (or hash) to the database for validation. The client comes up with its own hash of the username/password and then there's a bit of a 'dance' with both client and server proving they know the same hash value.
Does that mean non-11g clients won't connect to 11g?

Robert Freeman said...

It would appear to work fine with a 10.2 client. In this case the userid/password is robert/Robert:

Here we use the case sensitive password and it works:
C:\oracle\product\10.2.0\DB01\BIN>.\sqlplus robert/Robert@//192.168.255.133:1521/orcl

SQL*Plus: Release 10.2.0.1.0 - Production on Wed Aug 8 00:14:04 2007

Copyright (c) 1982, 2005, Oracle. All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.5.0 - Beta
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.5.0 - Beta
With the Partitioning, OLAP, Data Mining and Real Application Testing options

Here we use the lower case (wrong) password and it does not:
C:\oracle\product\10.2.0\DB01\BIN>.\sqlplus robert/robert@//192.168.255.133:1521/orcl

SQL*Plus: Release 10.2.0.1.0 - Production on Wed Aug 8 00:14:14 2007

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-01017: invalid username/password; logon denied

Gary Myers said...

Thanks, it's nice to know

Mumbai Guy said...

Good to see 11g coming up with case sensitive password. It was long overdue.

 